diff --git a/.env.example b/.env.example
index cc652beea5..61f4e2ea86 100644
--- a/.env.example
+++ b/.env.example
@@ -39,7 +39,6 @@ CF_ON_INVALID_FLAG_STOPPROCESSING="true", "false"
 CF_PROCESS_DNS_ON_DNSPARSER_EXCEPTION="true", "false"
 # Specifies path to fullchain-CA-certificate & CA-certificate-private-key
-# Deno: Optional, Required only if `TERMINATE_TLS` is true.
 # Node: Optional, can be used only in development and if `TLS_` doesn't exist.
 TLS_CRT_PATH=""
 TLS_KEY_PATH=""
@@ -49,9 +48,6 @@ TLS_KEY_PATH=""
 # Required
 DENO_ENV="production", "development"
-# Optional
-TERMINATE_TLS="true"
-
 # ---------- Node runtime specific ---------- #
 # Required
diff --git a/src/commons/envutil.js b/src/commons/envutil.js
index 4a04a4caee..d3d32c7d9b 100644
--- a/src/commons/envutil.js
+++ b/src/commons/envutil.js
@@ -70,10 +70,6 @@ export function secondaryDohResolver() {
 return env.secondaryDohResolver;
 }
-export function terminateTls() {
- return envManager && envManager.get("TERMINATE_TLS");
-}
-
 export function tlsCrtPath() {
 if (!envManager) return "";
 return envManager.get("TLS_CRT_PATH") || "";
diff --git a/src/core/deno/config.ts b/src/core/deno/config.ts
index 2516e1a08c..36af63224f 100644
--- a/src/core/deno/config.ts
+++ b/src/core/deno/config.ts
@@ -29,7 +29,7 @@ function setup() {
 dotEnvConfig({ export: true });
 } catch (e) {
 // throws without --allow-read flag
- console.warn(".env file may not be loaded => ", e.name, ":", e.message);
+ console.warn(".env missing => ", e.name, e.message);
 }
 try {
@@ -37,7 +37,7 @@ function setup() {
 Deno.env.set("RUNTIME", "deno");
 } catch (e) {
 // Warning: `set()` method is not available in Deno deploy.
- console.warn("Deno.env.set() is not available => ", e.name, ":", e.message);
+ console.warn("Deno.env.set() => ", e.name, e.message);
 }
 window.envManager = new EnvManager();
diff --git a/src/server-deno.ts b/src/server-deno.ts
index 48ea42915e..09cd06cdc8 100644
--- a/src/server-deno.ts
+++ b/src/server-deno.ts
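Review bot: The new message `.env missing` in the first catch of setup() (src/core/deno/config.ts) names a cause the handler cannot know: the comment directly above it says dotEnvConfig throws when --allow-read is absent, so a permission denial would be logged as a missing file. A neutral wording such as `console.warn(".env not loaded => ", e.name, e.message);` keeps the log accurate for whoever triages a misconfigured deployment. setup() starts and ends outside the hunk.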
@@ -17,9 +17,9 @@ let log: any = null;
 })();
 function systemUp() {
- const DOH_PORT = 8080;
- const DOT_PORT = 10000;
-
+ const onDenoDeploy = envutil.onDenoDeploy() as boolean;
+ const dohConnOpts = { port: 8080 };
+ const dotConnOpts = { port: 10000 };
 const tlsOpts = {
 certFile: envutil.tlsCrtPath() as string,
 keyFile: envutil.tlsKeyPath() as string,
@@ -29,30 +29,23 @@ function systemUp() {
 alpnProtocols: ["h2", "http/1.1"],
 };
- const onDenoDeploy = envutil.onDenoDeploy() as boolean;
- const terminateTls = envutil.terminateTls() as boolean;
-
 log = util.logger("Deno");
 if (!log) throw new Error("logger unavailable on system up");
- log.i(envutil.tlsKeyPath(), envutil.tlsCrtPath());
 startDoh();
 startDotIfPossible();
 async function startDoh() {
- const doh = terminateTls
- ? // doc.deno.land/deno/stable/~/Deno.listenTls
- Deno.listenTls({
- port: DOH_PORT,
- // obj spread (es2018) works only within objs
+ // doc.deno.land/deno/stable/~/Deno.listenTls
+ // doc.deno.land/deno/stable/~/Deno.listen
+ const doh = terminateTls()
+ ? Deno.listenTls({
+ ...dohConnOpts,
 ...tlsOpts,
 ...httpOpts,
 })
- : // doc.deno.land/deno/stable/~/Deno.listen
- Deno.listen({
- port: DOH_PORT,
- });
+ : Deno.listen({ ...dohConnOpts });
 up("DoH", doh.addr as Deno.NetAddr);
@@ -69,14 +62,9 @@ function systemUp() {
 // No DoT on Deno Deploy which supports only http workloads
 if (onDenoDeploy) return;
- const dot = terminateTls
- ? Deno.listenTls({
- port: DOT_PORT,
- ...tlsOpts,
- })
- : Deno.listen({
- port: DOT_PORT,
- });
+ const dot = terminateTls()
+ ? Deno.listenTls({ ...dotConnOpts, ...tlsOpts })
+ : Deno.listen({ ...dotConnOpts });
 up("DoT (no blocklists)", dot.addr as Deno.NetAddr);
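Review bot: The plaintext branches `Deno.listen({ ...dohConnOpts })` in startDoh and `Deno.listen({ ...dotConnOpts })` in startDotIfPossible (the next hunk) carry no comment saying when it is acceptable to serve DoH on 8080 and DoT on 10000 without TLS. Neither opts object sets a hostname, so Deno's default of all interfaces (0.0.0.0) applies; presumably these listeners are meant to sit behind something that terminates TLS upstream, and that assumption should be written down where the choice is made. I would add above each ternary: `// no cert/key configured: plain TCP, assumes TLS is terminated upstream of this process`. Both functions continue outside their hunks.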
@@ -89,8 +77,15 @@ function systemUp() {
 }
 }
- function up(server: string, addr: Deno.NetAddr) {
- log.i(server, `listening on: [${addr.hostname}]:${addr.port}`);
+ function up(p: string, addr: Deno.NetAddr) {
+ log.i(p, `on [${addr.hostname}]:${addr.port}`, "tls?", terminateTls());
+ }
+
+ function terminateTls() {
+ if (onDenoDeploy) return false;
+ if (util.emptyString(tlsOpts.keyFile)) return false;
+ if (util.emptyString(tlsOpts.certFile)) return false;
+ return true;
 }
 }
@@ -98,19 +93,14 @@ async function serveHttp(conn: Deno.Conn) {
 const httpConn = Deno.serveHttp(conn);
 while (true) {
- let requestEvent = null;
 try {
- requestEvent = await httpConn.nextRequest();
- } catch (e) {
- log.w("err http read", e);
- break;
- }
- if (!requestEvent) {
- log.d("no more reqs, bail");
- break;
- }
+ const requestEvent = await httpConn.nextRequest();
+
+ if (!requestEvent) {
+ log.d("no more reqs, bail");
+ break;
+ }
- try {
 // doc.deno.land/deno/stable/~/Deno.RequestEvent
 // deno.land/manual/runtime/http_server_apis#http-requests-and-responses
 const req = requestEvent.request;
@@ -121,7 +111,7 @@ async function serveHttp(conn: Deno.Conn) {
 await requestEvent.respondWith(res as Response | Promise);
 } catch (e) {
 // Client may close conn abruptly before a response could be sent
- log.w("send fail doh response", e);
+ log.w("doh fail", e);
 break;
 }
 }
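Review bot: terminateTls() returns false as soon as either tlsOpts.keyFile or tlsOpts.certFile is empty, so a half-configured pair (one path set, the other missing or misspelled) silently starts both listeners in plaintext; with the explicit TERMINATE_TLS switch removed in this commit, the only trace is the `tls? false` printed by up(). A guard ahead of the two emptiness checks would make that case loud, e.g. `if (util.emptyString(tlsOpts.keyFile) !== util.emptyString(tlsOpts.certFile)) throw new Error("TLS_KEY_PATH and TLS_CRT_PATH must be set together");` (assuming util.emptyString returns a boolean, which this hunk does not show). The .env.example hunk also drops the only Deno line for these two variables, so the new rule, TLS on exactly when both paths are set and the process is not on Deno Deploy, deserves a docstring on terminateTls() and a line in the example file.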
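Review bot: Folding `httpConn.nextRequest()` into the same try as the handler in serveHttp means a read failure on the connection and a failure while responding now both log `doh fail`, and the catch comment ("Client may close conn abruptly before a response could be sent") no longer describes every path into it. The removed `err http read` message was the only thing that let an operator tell the two apart in the logs. Either keep distinct messages or widen the comment, e.g. `// nextRequest() may throw on a broken conn; respondWith() may throw if the client left early`. The part of the loop body between the two serveHttp hunks is not visible here.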